Verified Commit 24b0de47 authored by Alexander's avatar Alexander
Browse files

[ci] Add .gitlab-ci and CODEOWNERS

parent 5d55e2cd
Pipeline #200452 failed with stages
in 30 seconds
stages:
- test
- build
- staging
- production
default:
interruptible: true
retry:
max: 2
when:
- runner_system_failure
- unknown_failure
- api_failure
variables:
KUBE_NAMESPACE: "substrate-tip-bot"
CI_REGISTRY: "docker.io/paritytech"
GIT_STRATEGY: fetch
CI_IMAGE: node:16.10-alpine
DOCKERHUB_REPO: "paritytech"
IMAGE_NAME: docker.io/$DOCKERHUB_REPO/substrate-tip-bot
DOCKER_TAG: "${CI_COMMIT_SHORT_SHA}"
VAULT_ADDR: "https://vault.parity-mgmt-vault.parity.io"
VAULT_AUTH_PATH: "gitlab-parity-io-jwt"
VAULT_AUTH_ROLE: "cicd_gitlab_parity_${CI_PROJECT_NAME}"
HELM_SECRETS_DRIVER: vals
.common-refs: &common-refs
rules:
- if: $CI_PIPELINE_SOURCE == "web"
- if: $CI_PIPELINE_SOURCE == "schedule"
- if: $CI_COMMIT_REF_NAME == "master"
- if: $CI_COMMIT_REF_NAME =~ /^[0-9]+$/ # PRs
.test-refs: &test-refs
rules:
- if: $CI_PIPELINE_SOURCE == "web" &&
$CI_COMMIT_REF_NAME =~ /^[0-9]+$/ # PRs and from web interface
- if: $CI_COMMIT_REF_NAME =~ /^[0-9]+$/ # PRs
# Deploy on production goes only on tag
.deploy-prod-refs: &deploy-prod-refs
rules:
- if: $CI_PIPELINE_SOURCE == "web" &&
$CI_COMMIT_REF_NAME =~ /^v[0-9]+\.[0-9]+.*$/ # on tags (i.e. v1.0, v2.1rc1) and from web interface
- if: $CI_COMMIT_REF_NAME =~ /^v[0-9]+\.[0-9]+.*$/ # on tags (i.e. v1.0, v2.1rc1)
# Publish docker image and deploy it on staging
.publish-deploy-stg-refs: &publish-deploy-stg-refs
rules:
- if: $CI_PIPELINE_SOURCE == "web" &&
$CI_COMMIT_REF_NAME == "master" # on commits to main branch and from web interface
- if: $CI_COMMIT_REF_NAME == "master" # on commits to main branch
.kubernetes-env: &kubernetes-env
image: $CI_IMAGE
tags:
- kubernetes-parity-build
# template task for building and pushing an image
.build-push-docker-image: &build-push-docker-image
image: quay.io/buildah/stable
script:
- test "$Docker_Hub_User_Parity" -a "$Docker_Hub_Pass_Parity" ||
( echo "no docker credentials provided"; exit 1 )
- buildah bud
--format=docker
--build-arg VCS_REF="${CI_COMMIT_SHA}"
--build-arg BUILD_DATE="$(date -u '+%Y-%m-%dT%H:%M:%SZ')"
--build-arg VERSION="${DOCKER_TAG}"
--build-arg PROJECT_NAME="${CI_PROJECT_NAME}"
--tag "$IMAGE_NAME:${DOCKER_TAG}"
--tag "$IMAGE_NAME:latest"
--file "$DOCKERFILE" .
- echo "$Docker_Hub_Pass_Parity" |
buildah login --username "$Docker_Hub_User_Parity" --password-stdin docker.io
- buildah info
- buildah push --format=v2s2 "$IMAGE_NAME:${DOCKER_TAG}"
- buildah push --format=v2s2 "$IMAGE_NAME:latest"
after_script:
- buildah logout --all
# test that docker image can build
.build-only-docker-image: &build-only-docker-image
image: quay.io/buildah/stable
script:
- buildah bud
--format=docker
--build-arg VCS_REF="${CI_COMMIT_SHA}"
--build-arg BUILD_DATE="$(date -u '+%Y-%m-%dT%H:%M:%SZ')"
--build-arg PROJECT_NAME="${CI_PROJECT_NAME}"
--tag "$IMAGE_NAME:latest"
--file "$DOCKERFILE" .
check-linting:
stage: test
<<: *common-refs
<<: *kubernetes-env
script:
- apk update && apk add --no-cache git
- yarn --immutable
- yarn lint
build-docker-bot:
stage: build
<<: *test-refs
<<: *kubernetes-env
<<: *build-only-docker-image
variables:
DOCKERFILE: "Dockerfile"
publish-docker-bot:
stage: build
<<: *publish-deploy-stg-refs
<<: *kubernetes-env
<<: *build-push-docker-image
variables:
DOCKERFILE: "Dockerfile"
#### stage: deploy
.deploy: &deploy-k8s
script:
# https://docs.gitlab.com/ee/ci/examples/authenticating-with-hashicorp-vault/#example
- export VAULT_TOKEN="$(vault write -field=token auth/$VAULT_AUTH_PATH/login role=$VAULT_AUTH_ROLE jwt=$CI_JOB_JWT)"
- helm dependency update helm/
- helm secrets --version
- helm secrets upgrade
--install
--atomic
--timeout 300s
--namespace ${CI_PROJECT_NAME}
--values helm/values.yaml
--values helm/values-$ENVIRONMENT.yaml
--set common.image.tag="$DOCKER_TAG"
$CI_PROJECT_NAME helm/
- kubectl get pods -n ${CI_PROJECT_NAME}
# Disabled, enable after conigure HELM chart
.deploy-stg:
stage: staging
<<: *deploy-k8s
<<: *kubernetes-env
<<: *publish-deploy-stg-refs
variables:
CI_IMAGE: "paritytech/kubetools:3.5.3"
ENVIRONMENT: parity-stg
environment:
name: parity-stg
.deploy-prod:
stage: production
<<: *deploy-k8s
<<: *kubernetes-env
<<: *deploy-prod-refs
variables:
CI_IMAGE: "paritytech/kubetools:3.5.3"
ENVIRONMENT: parity-prod
environment:
name: parity-prod
# Lists some code owners.
#
# A codeowner just oversees some part of the codebase. If an owned file is changed then the
# corresponding codeowner receives a review request. An approval of the codeowner might be
# required for merging a PR (depends on repository settings).
#
# For details about syntax, see:
# https://help.github.com/en/articles/about-code-owners
# But here are some important notes:
#
# - Glob syntax is git-like, e.g. `/core` means the core directory in the root, unlike `core`
# which can be everywhere.
# - Multiple owners are supported.
# - Either handle (e.g, @github_user or @github_org/team) or email can be used. Keep in mind,
# that handles might work better because they are more recognizable on GitHub,
# you can use them for mentioning unlike an email.
# - The latest matching rule, if multiple, takes precedence.
# Global code owners
* @paritytech/opstooling
# CI
/.gitlab-ci.yml @paritytech/ci
/.github @paritytech/ci
FROM node:16-alpine
# metadata
ARG VCS_REF=master
ARG BUILD_DATE=""
ARG REGISTRY_PATH=docker.io/paritytech
ARG PROJECT_NAME=""
LABEL io.parity.image.authors="cicd-team@parity.io" \
io.parity.image.vendor="Parity Technologies" \
io.parity.image.title="${REGISTRY_PATH}/${PROJECT_NAME}" \
io.parity.image.description="Substrate Tip bot" \
io.parity.image.source="https://github.com/paritytech/${PROJECT_NAME}/blob/${VCS_REF}/Dockerfile" \
io.parity.image.documentation="https://github.com/paritytech/${PROJECT_NAME}/blob/${VCS_REF}/README.md" \
io.parity.image.revision="${VCS_REF}" \
io.parity.image.created="${BUILD_DATE}"
RUN apk -U upgrade --no-cache
WORKDIR /usr/src/app
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment